๐บ๐ธ
TPI-Abuse
2026-07-17 06:52:58
(3 hours ago)
(mod_security) mod_security (id:240335) triggered by 122.161.172.13 (abts-north-dynamic-013.172.161. ...
show more
(mod_security) mod_security (id:240335) triggered by 122.161.172.13 (abts-north-dynamic-013.172.161.122.airtelbroadband.in): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 02:52:53.915689 2026] [security2:error] [pid 390886:tid 390886] [client 122.161.172.13:17619] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 122.161.172.13 (+1 hits since last alert)|mariettacaseyclub.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "mariettacaseyclub.org"] [uri "/xmlrpc.php"] [unique_id "alnRRWkpMeBlmDzi8loMdgAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 05:17:07
(4 hours ago)
(mod_security) mod_security (id:240335) triggered by 122.161.172.13 (abts-north-dynamic-013.172.161. ...
show more
(mod_security) mod_security (id:240335) triggered by 122.161.172.13 (abts-north-dynamic-013.172.161.122.airtelbroadband.in): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 01:17:02.373882 2026] [security2:error] [pid 3196:tid 3196] [client 122.161.172.13:7968] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 122.161.172.13 (+1 hits since last alert)|caymancline.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "caymancline.com"] [uri "/xmlrpc.php"] [unique_id "alm6ztlNyGUsV4LEc6ia7AAAABg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
masterguru
2026-07-17 04:12:20
(5 hours ago)
xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (88010-201)
Hacking
๐บ๐ธ
TPI-Abuse
2026-07-16 13:39:37
(20 hours ago)
(mod_security) mod_security (id:240335) triggered by 122.161.172.13 (abts-north-dynamic-013.172.161. ...
show more
(mod_security) mod_security (id:240335) triggered by 122.161.172.13 (abts-north-dynamic-013.172.161.122.airtelbroadband.in): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 09:39:31.389623 2026] [security2:error] [pid 13900:tid 13900] [client 122.161.172.13:15818] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 122.161.172.13 (+1 hits since last alert)|greenmountainfeeds.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "greenmountainfeeds.com"] [uri "/xmlrpc.php"] [unique_id "aljfE49e788dRAJh9dZhlwAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 10:10:25
(23 hours ago)
(mod_security) mod_security (id:240335) triggered by 122.161.172.13 (abts-north-dynamic-013.172.161. ...
show more
(mod_security) mod_security (id:240335) triggered by 122.161.172.13 (abts-north-dynamic-013.172.161.122.airtelbroadband.in): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 06:10:18.253751 2026] [security2:error] [pid 4484:tid 4484] [client 122.161.172.13:13392] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 122.161.172.13 (+1 hits since last alert)|gemco-mfg.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "gemco-mfg.com"] [uri "/xmlrpc.php"] [unique_id "aliuCi3h-E-nYCIigHQHkwAAABw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
integrantservices.com
2026-07-16 08:01:24
(1 day ago)
(wordpress) Failed wordpress login from 122.161.172.13 (IN/India/abts-north-dynamic-013.172.161.122. ...
show more
(wordpress) Failed wordpress login from 122.161.172.13 (IN/India/abts-north-dynamic-013.172.161.122.airtelbroadband.in)
show less
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-07-16 05:59:56
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 122.161.172.13 (abts-north-dynamic-013.172.161. ...
show more
(mod_security) mod_security (id:240335) triggered by 122.161.172.13 (abts-north-dynamic-013.172.161.122.airtelbroadband.in): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 01:59:47.811494 2026] [security2:error] [pid 17962:tid 17962] [client 122.161.172.13:18248] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 122.161.172.13 (+1 hits since last alert)|roguetechscene.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "roguetechscene.com"] [uri "/xmlrpc.php"] [unique_id "alhzUwff0c8KUA8rv-Ux8gAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
burlacu.org
2026-07-16 05:30:04
(1 day ago)
Nginx multi-log analysis detected: wordpress_scan. Evidence: XMLRPC abuse with 20 requests. Blocked ...
show more
Nginx multi-log analysis detected: wordpress_scan. Evidence: XMLRPC abuse with 20 requests. Blocked automatically.
show less
Web App Attack
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-07-15 13:59:26
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 122.161.172.13 (abts-north-dynamic-013.172.161. ...
show more
(mod_security) mod_security (id:240335) triggered by 122.161.172.13 (abts-north-dynamic-013.172.161.122.airtelbroadband.in): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 09:59:19.978213 2026] [security2:error] [pid 1240138:tid 1240138] [client 122.161.172.13:22782] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 122.161.172.13 (+1 hits since last alert)|talentstar.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "talentstar.com"] [uri "/xmlrpc.php"] [unique_id "aleSN_0DTEVON2rrVEDb5AAAABY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
dynamix
2026-07-15 11:53:03
(1 day ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐บ๐ธ
Jason Howell
2026-07-15 09:10:44
(2 days ago)
122.161.172.13 - - [15/Jul/2026:04:09:58 -0500] "POST /xmlrpc.php HTTP/1.1" 200 4358 "-" "Jetpack by ...
show more
122.161.172.13 - - [15/Jul/2026:04:09:58 -0500] "POST /xmlrpc.php HTTP/1.1" 200 4358 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.4)"
122.161.172.13 - - [15/Jul/2026:04:10:08 -0500] "POST /xmlrpc.php HTTP/1.1" 200 4360 "-" "WordPress.com; https://wordpress.com"
122.161.172.13 - - [15/Jul/2026:04:10:17 -0500] "POST /xmlrpc.php HTTP/1.1" 200 4360 "-" "WordPress.com; https://wordpress.com"
122.161.172.13 - - [15/Jul/2026:04:10:28 -0500] "POST /xmlrpc.php HTTP/1.1" 200 4359 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.3)"
122.161.172.13 - - [15/Jul/2026:04:10:43 -0500] "POST /xmlrpc.php HTTP/1.1" 200 4359 "-" "Jetpack by WordPress.com"
...
show less
Web App Attack